Observed Correlations of Unsolicited IP Traffic Across Five Distinct Network Telescopes


ABSTRACT

Using network telescopes to monitor unused IP address space provides a favourable environment for researchers to study and detect malware, denial of service, and scanning activities on the Internet. This research focuses on comparative and correlation analysis of traffic activity across five IPv4 network telescopes, each with an aperture size of /24, over a 12-month period. Time series representations of the traffic activity observed on these sensors were constructed. Using the cross- and auto-correlation methods of time series analysis, sensor data was quantitatively analysed, with the resulting correlation of the network telescopes' traffic activity found to be moderate to high, dependent on grouping.

 


AUTHORS

BVW Irwin, T Nkhumeleni
Department of Computer Science
Rhodes University, South Africa

Barry Irwin is an Associate Professor in the Department of Computer Science at Rhodes University, South Africa. He established and has led the Security and Networks Research Group (SNRG) since its founding in 2003. He holds a PhD from Rhodes University and a CISSP. His current areas of research include network traffic analysis, data visualization and webserver malware.

 


 



Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com